OpenLdap pam_ldap / nss_ldap weak password change encryption
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
OpenLdap pam_ldap / nss_ldap weak password change encryption
updated since 04.07.2005
Published:
14.07.2005
Source:
SECUNIA
SecurityVulns ID:
4956
Type:
m-i-t-m
Level:
5
/10
Description:
TLS is not used with LDAP server during password change, password is transmitted in cleartext.
Affected:
OPENLDAP
:
OpenLDAP 2.2
PAMLDAP
:
pam_ldap 177
NSSLDAP
:
nss_ldap 238
Original document
GENTOO
,
[Full-disclosure] [ GLSA 200507-13 ] pam_ldap and nss_ldap: Plain text authentication leak
(
14.07.2005
)
Rob Holland
,
pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup
(
05.07.2005
)
SECUNIA
,
[SA15906] OpenLDAP / pam_ldap Password Disclosure Security Issue
(
04.07.2005
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
